Tag Archive for: Cybercriminals

Ransomware still a primary threat as cybercriminals evolve tactics


Trend Micro announced that it blocked 40.9 billion email threats, malicious files, and malicious URLs for customers in the first half of 2021, a 47% year-on-year increase.

Ransomware remained the primary threat in the first half of the year as cybercriminals continued to target big-name victims. Working with third parties to gain access to targeted networks, they used Advanced Persistent Threat tools and techniques to steal and encrypt victims’ data.

The banking industry was disproportionately affected, experiencing a 1,318% year-on-year increase in ransomware attacks in the first half of 2021.

Ransomware remained primary threat in H1 2021, but not the only one

Ransomware was a major threat to global organizations in the first half of 2021, but it was not the only one. The report also reveals:

  • Business email compromise (BEC) attacks increased by 4%, potentially as a result of new COVID-19 opportunities for threat actors.
  • Cryptocurrency miners became the most detected malware, having surged ahead of WannaCry and web shells in recent months.
  • The Zero Day Initiative detected 770 vulnerabilities, a slight (2%) drop from 1H 2020.
  • A total of 164 malicious apps related to COVID-19 scams were detected, 54% of which impersonated TikTok.

“The first step towards effectively mitigating cyber risk is understanding the scale, complexity, and specific characteristics of the threat landscape,” said Jon Clay, VP of threat intelligence for Trend Micro.

Source…

This is the perfect ransomware victim, according to cybercriminals


Researchers have explored what the perfect victim looks like to today’s ransomware groups.

On Monday, KELA published a report on listings made by ransomware operators in the underground, including access requests — the way to gain an initial foothold into a target system — revealing that many want to buy a way into US companies with a minimum revenue of over $100 million.

Initial access is now big business. Ransomware groups such as Blackmatter and Lockbit may cut out some of the legwork involved in a cyberattack by purchasing access, including working credentials or the knowledge of a vulnerability in a corporate system. 

When you consider that a successful ransomware campaign can result in payments worth millions of dollars, this cost becomes inconsequential, and it can free up cybercriminals' time to strike more targets.

The cybersecurity company’s findings, based on observations in dark web forums during July 2021, suggest that threat actors are seeking large US firms, but Canadian, Australian, and European targets are also considered. 

Russian targets are usually rejected immediately, and others are considered “unwanted” — including those located in developing countries — likely because potential payouts are low. 

Roughly half of ransomware operators will, however, reject offers for access into organizations in the healthcare and education sectors, no matter the country. In some cases, government entities and non-profits are also off the table.

In addition, there are preferred methods of access. Remote Desktop Protocol (RDP) and Virtual Private Network (VPN)-based access prove popular, specifically access to products developed by companies including Citrix, Palo Alto Networks, VMware, Cisco, and Fortinet.

“As for the level of privileges, some attackers stated they prefer domain admin rights, though it does not seem to be critical,” the report states.

KELA also found offerings for e-commerce panels, unsecured databases, and…

Source…

Dear enterprise IT: Cybercriminals use AI too



In a 2017 Deloitte survey, only 42% of respondents considered their institutions to be extremely or very effective at managing cybersecurity risk. The pandemic has certainly done nothing to alleviate these concerns. Despite increased IT security investments companies made in 2020 to deal with distributed IT and work-from-home challenges, nearly 80% of senior IT workers and IT security leaders believe their organizations lack sufficient defenses against cyberattacks, according to IDG.

Unfortunately, the cybersecurity landscape is poised to become more treacherous with the emergence of AI-powered cyberattacks, which could enable cybercriminals to fly under the radar of conventional, rules-based detection tools. For example, when AI is thrown into the mix, “fake email” could become nearly indistinguishable from trusted contact messages. And deepfakes — media that takes a person in an existing image, audio recording, or video and replaces them with someone else’s likeness using AI — could be employed to commit fraud, costing companies millions of dollars.

The solution could lie in “defensive AI,” or self-learning algorithms that understand normal user, device, and system patterns in an organization and detect unusual activity without relying on historical data. But the road to widespread adoption could be long and winding as cybercriminals look to stay one step ahead of their targets.

What are AI-powered cyberattacks?

AI-powered cyberattacks are conventional cyberattacks augmented with AI and machine learning technologies. Take phishing, for example — a type of social engineering where an attacker sends a message designed to trick a human into revealing sensitive information or installing malware. Infused with AI, phishing messages can be personalized to target high-profile employees at enterprises (like members of the C-suite) in a practice known as “spear phishing.”

Imagine an adversarial group attempting to impersonate board members or send fake invoices claiming to come from familiar suppliers. Sourcing a machine learning language model capable of generating…

Source…

We've been warning Floridians to be wary of cybercriminals for 25 years | Fred Grimm – South Florida Sun Sentinel



Source…